For privacy reasons, I don't like it when websites set cookies when I just want to read them.
Serendipity does that, although it's just a session id.
My suggestion would be that s9y only opens a php-session if the user does something that requires a session (login, whatever plugin-features need sessions), but that simple viewing of the blog doesn't cause a session to be opened.
Toughts?
Idea: No cookies for visitors
Serendipity is a framework for plugins. By initiating a session no matter what it allows for plugins to utilize it if needed. By removing the session cookie it could possibly break plugins. I have no idea if this would actually happen, but it is a very high probability.
That being said, I think it would be a decent idea to remove the sessions from a performance side. In my experience sessions can slow down servers with a ton of traffic.
From a security standpoint I do not see the reason to want to remove the cookie. The only thing that cookie really says is that you've been to the site. Other than that the cookie is harmless.
That being said, I think it would be a decent idea to remove the sessions from a performance side. In my experience sessions can slow down servers with a ton of traffic.
From a security standpoint I do not see the reason to want to remove the cookie. The only thing that cookie really says is that you've been to the site. Other than that the cookie is harmless.
-
garvinhicking
- Core Developer
- Posts: 30020
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Hi!
Plus, cookies are requred for people to send comments and for the anti-spam measurements.
As chickens pointed out, s9y always has to draw a line between offering functionality and adaptionality. In this case, sessions are just too important for providing functionality to make them optional.
I don't see an easy way to check, when a session is required and when not. The problem is often sesions are simply utilized by plugins, themes or the core. I see much more other parts on s9y where work should be invested, so these cookie issues are really an ultra-low priority for myself. If anyone else wants to dive into it, have a go
Regards,
Garvin
Plus, cookies are requred for people to send comments and for the anti-spam measurements.
As chickens pointed out, s9y always has to draw a line between offering functionality and adaptionality. In this case, sessions are just too important for providing functionality to make them optional.
I don't see an easy way to check, when a session is required and when not. The problem is often sesions are simply utilized by plugins, themes or the core. I see much more other parts on s9y where work should be invested, so these cookie issues are really an ultra-low priority for myself. If anyone else wants to dive into it, have a go
Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/